From 0f9b0cf7c026425dc604a64741807375a3f0f3a0 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Tue, 23 Feb 2016 03:08:38 +0100
Subject: Clean up

---
 Makefile | 7 +++++++
 honeypot.c | 61 ++++++++++++++++++++++++++++---------------------------------
 2 files changed, 35 insertions(+), 33 deletions(-)

diff --git a/Makefile b/Makefile
index 16a3197..ea14e92 100644
--- a/Makefile
+++ b/Makefile
@@ -1 +1,8 @@
+CFLAGS ?= -march=native -O3 -fomit-frame-pointer -pipe
+CFLAGS += -std=c11 -Wall
+
 honeypot: honeypot.c telnet.h seccomp-bpf.h
+clean:
+ rm -f honeypot
+
+.PHONY: clean
diff --git a/honeypot.c b/honeypot.c
index 1e8ba38..9cbf7ab 100644
--- a/honeypot.c
+++ b/honeypot.c
@@ -40,6 +40,7 @@
  *
  */
 
+#define _GNU_SOURCE
 #include
 #include
 #include
@@ -47,14 +48,17 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
 #include
 #include
 #include
+#include
 #include
 #include
+#include
 #include
 
 /*
@@ -67,16 +71,16 @@
 #include "seccomp-bpf.h"
 
 
-FILE *input = 0;
-FILE *output = 0;
-FILE *logfile = 0;
-int is_telnet_client = 0;
+static FILE *input = 0;
+static FILE *output = 0;
+static FILE *logfile = 0;
+static int is_telnet_client = 0;
 
 /*
  * Telnet requires us to send a specific sequence
  * for a line break (\r\000\n), so let's make it happy.
  */
-void newline(int n)
+static void newline(int n)
 {
 int i;
 
@@ -88,12 +92,11 @@ void newline(int n)
 }
 }
 
-
 /*
  * When the listener dies, we want to kill the clients too, but
  * first we make sure to send a nice message and restore the cursor.
  */
-void SIGINT_handler(int sig)
+static void SIGINT_handler(int sig)
 {
 fprintf(stderr, "Got SIGINT, exiting gracefully.\n");
 newline(3);
@@ -107,7 +110,7 @@ void SIGINT_handler(int sig)
  * Handle the alarm which breaks us off of options
  * handling if we didn't receive a terminal.
  */
-void SIGALRM_handler(int sig)
+static void SIGALRM_handler(int sig)
 {
 alarm(0);
 if (!is_telnet_client) {
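Review bot: The new `CFLAGS` lines enable optimization and `-Wall` but no hardening, which matters more than usual for a program whose entire purpose is to accept input from hostile peers. Consider `CFLAGS += -std=c11 -Wall -Wextra -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE` together with `LDFLAGS += -pie -Wl,-z,relro,-z,now` so the honeypot binary itself is a harder target. `-march=native` also ties the build to the host CPU, which is worth a one-line comment in the Makefile if the binary is ever copied to another machine.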
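Review bot: `static int is_telnet_client = 0;` is written by negotiate_telnet and read inside SIGALRM_handler (the `if (!is_telnet_client)` test in the -107 hunk), so it is shared across a signal boundary and should be `static volatile sig_atomic_t is_telnet_client = 0;`; as a plain `int` the compiler may keep a stale copy in a register on either side. While these declarations are being rewritten, the three `FILE *` globals would read more clearly initialised with `NULL` than `0`. The `= 0` initialisers are otherwise redundant for statics but harmless.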
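Review bot: SIGINT_handler still calls `fprintf(stderr, ...)` and `newline(3)` from signal context; stdio is not async-signal-safe, so if SIGINT arrives while the main flow holds a stdio lock the process can deadlock instead of exiting gracefully. The commit only changes the function's linkage; the usual remedy is to have the handler set a `volatile sig_atomic_t` flag and let the main loop print the message and restore the cursor, or to emit a fixed string with `write(2)`. If `newline` writes through the stdio `output` stream, as its use here suggests, the same applies to it. The handler's body continues past the end of the hunk.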
@@ -130,7 +133,7 @@ void SIGALRM_handler(int sig)
 /*
  * A child has exited.
  */
-void SIGCHLD_handler(int sig)
+static void SIGCHLD_handler(int sig)
 {
 int status;
 pid_t pid;
@@ -142,7 +145,7 @@ void SIGCHLD_handler(int sig)
 /*
  * Reads a line character by character for when local echo mode is turned off.
  */
-void readline(char *buffer, size_t size, int password)
+static void readline(char *buffer, size_t size, int password)
 {
 int i;
 unsigned char c;
@@ -199,22 +202,22 @@ void readline(char *buffer, size_t size, int password)
  * These are the options we want to use as
  * a telnet server. These are set in set_options()
  */
-unsigned char telnet_options[256] = { 0 };
-unsigned char telnet_willack[256] = { 0 };
+static unsigned char telnet_options[256] = { 0 };
+static unsigned char telnet_willack[256] = { 0 };
 
 /*
  * These are the values we have set or
  * agreed to during our handshake.
  * These are set in send_command(...)
  */
-unsigned char telnet_do_set[256] = { 0 };
-unsigned char telnet_will_set[256]= { 0 };
+static unsigned char telnet_do_set[256] = { 0 };
+static unsigned char telnet_will_set[256]= { 0 };
 
 /*
  * Send a command (cmd) to the telnet client
  * Also does special handling for DO/DONT/WILL/WONT
  */
-void send_command(int cmd, int opt)
+static void send_command(int cmd, int opt)
 {
 /* Send a command to the telnet client */
 if (cmd == DO || cmd == DONT) {
@@ -240,7 +243,7 @@ void send_command(int cmd, int opt)
 /*
  * Set the default options for the telnet server.
  */
-void set_options()
+static void set_options(void)
 {
 int option;
 
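Review bot: readline's index `int i;` is signed while its bound `size_t size` is unsigned; if the loop compares the two directly (the body runs past the hunk, so I cannot see it), `-Wall -Wextra` will flag a signed/unsigned comparison and `size_t i;` is the cleaner declaration. Since the signature is being touched anyway, this is the moment to make the change. Nothing else in the hunk depends on it.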
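Review bot: The rewritten line `static unsigned char telnet_will_set[256]= { 0 };` carries over the missing space before `=`; as the line is already being replaced, align it with its neighbours as `static unsigned char telnet_will_set[256] = { 0 };`. The `= { 0 }` initialisers on all four static tables are redundant (statics are zero-initialised) but harmless, and keeping them uniformly is fine.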
@@ -279,13 +282,12 @@ void set_options()
 /*
  * Negotiate the telnet options.
  */
-void negotiate_telnet()
+static void negotiate_telnet(void)
 {
 /* The default terminal is ANSI */
- char term[1024] = {'a','n','s','i', 0};
- int ttype, done = 0, sb_mode = 0, do_echo = 0, sb_len = 0;
+ int done = 0, sb_mode = 0, sb_len = 0;
 /* Various pieces for the telnet communication */
- char sb[1024];
+ unsigned char sb[1024];
 unsigned char opt, i;
 
 memset(sb, 0, sizeof(sb));
@@ -308,12 +310,7 @@ void negotiate_telnet()
 /* End of extended option mode */
 sb_mode = 0;
 if (sb[0] == TTYPE) {
- alarm(0);
 is_telnet_client = 1;
- /* This was a response to the TTYPE command, meaning
- * that this should be a terminal type */
- strncpy(term, &sb[2], sizeof(term) - 1);
- term[sizeof(term) - 1] = 0;
 ++done;
 }
 break;
@@ -349,8 +346,6 @@ void negotiate_telnet()
 /* We default to DONT */
 telnet_options[opt] = DONT;
 send_command(telnet_options[opt], opt);
- if (opt == ECHO)
- do_echo = (i == DO);
 fflush(output);
 break;
 case SB:
@@ -379,14 +374,13 @@ void negotiate_telnet()
 sb[sb_len++] = i;
 }
 }
-
- /* What shall we now do with term, ttype, do_echo, and terminal_width? */
+ alarm(0);
 }
 
 /*
  * Drops us into a chroot, if possible, and drops privs.
  */
-void drop_privileges()
+static void drop_privileges(void)
 {
 struct passwd *user;
 struct rlimit limit;
@@ -438,7 +432,7 @@ void drop_privileges()
 setrlimit(RLIMIT_NPROC, &limit);
 
 if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
- perror("prctl(NO_NEW_PRIVS");
+ perror("prctl(NO_NEW_PRIVS)");
 exit(EXIT_FAILURE);
 }
 
@@ -448,7 +442,7 @@ void drop_privileges()
 }
 }
 
-void seccomp_enable_filter()
+static void seccomp_enable_filter(void)
 {
 struct sock_filter filter[] = {
 VALIDATE_ARCHITECTURE,
@@ -464,6 +458,7 @@ void seccomp_enable_filter()
 ALLOW_SYSCALL(alarm),
 ALLOW_SYSCALL(fstat),
 ALLOW_SYSCALL(mmap),
+ ALLOW_SYSCALL(ioctl),
 KILL_PROCESS
 };
 struct sock_fprog prog = {
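Review bot: `sb[sb_len++] = i;` stores peer-supplied sub-negotiation bytes into the fixed `unsigned char sb[1024]` declared at the top of negotiate_telnet, and the hunk shows no check that `sb_len < sizeof sb` before the store; if no such guard exists in the part of the loop outside the hunk, an over-long sub-negotiation overruns the buffer. If the guard does exist elsewhere, a comment at this line such as `/* sb_len is bounded in the SB case above */` would save the next reader the search; otherwise skip the store once `sb_len` reaches `sizeof sb`. Moving `alarm(0)` to after the loop is fine only because SIGALRM_handler checks `is_telnet_client` first, which is worth a comment on the new `alarm(0);` line. The loop body begins outside the hunk.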
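Review bot: `setrlimit(RLIMIT_NPROC, &limit);` at the top of the -438 hunk ignores its return value while the `prctl` call directly below treats failure as fatal; a failed setrlimit silently leaves the process cap unset in the sandboxed child. Make the two consistent: `if (setrlimit(RLIMIT_NPROC, &limit)) { perror("setrlimit(RLIMIT_NPROC)"); exit(EXIT_FAILURE); }`. The rest of drop_privileges lies outside the hunk.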
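Review bot: `ALLOW_SYSCALL(ioctl),` in the -464 hunk admits the entire ioctl syscall with no argument filtering, which is the broadest widening of the filter in this file because ioctl dispatches into every driver's handler, and the commit message ("Clean up") does not record which request the process now needs. At minimum add a comment naming the reason, e.g. `/* needed for the tty probing stdio does on output — TODO confirm which request */`; better, if seccomp-bpf.h offers an argument-comparison macro, restrict the filter to that one request number rather than the whole syscall. The filter array and the rest of seccomp_enable_filter continue outside the hunk.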
@@ -476,7 +471,7 @@ void seccomp_enable_filter()
 }
 }
 
-void handle_connection(int fd, char *ipaddr)
+static void handle_connection(int fd, char *ipaddr)
 {
 char username[1024];
 char password[1024];
-- 
cgit v1.2.3-59-g8ed1b
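Review bot: If handle_connection never writes through `ipaddr` (its body lies past the hunk, so I cannot confirm), the rewritten signature should take `const char *ipaddr` so the compiler enforces the read-only use and callers can pass literals. The two 1024-byte `username`/`password` arrays are left uninitialised here, which is fine only if readline always NUL-terminates on every path, including the alarm/short-read cases; a short comment on these declarations stating that contract would help.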